I needed to get data from a SharePoint list. So I followed the documented procedure to generate a token in Postman. Within my organization I could only specify grant_type = 'client_credentials' for some reason, and grant_type = 'authorization_code' did not work. I could then copy/paste this token into my application script to successfully retrieve the data. So far, so good.

In Postman, 'grant_type = client_credentials' does not return a refresh token. The above token I get is short-lived. So I'm trying to create a new token each time in my application using a system-call to curl.

I verified that the Postman call worked and I copied that exact command from Postman (verbatim) according to this curl command. The string looks like:

curl --location --max-time 1000 --request POST 'https://accounts.accesscontrol.windows.net/[...]/tokens/OAuth/2' --header 'Content-Type: application/x-www-form-urlencoded' --header 'Cookie: esctx=AQABAAAAAAD--DLA3VO7QrddgJg7WevrbBVCt369nz7Jni4iPCMokBEc1tkEZ08H3soU6JWnoDTyn05CDibW_eX5CgQqjGjem_72VHKAbefA1IAUBJiFPSCroSIohOHfU7X7D16hwnR6cBcLfczq0nQAaU0P6vUfaN5pZsBxK-Iffnow2He6BG_bjs_mHFs4-oqxCIo_mdufK8qAueLB8LeUmV2jkojB7WBrJ6w12huVNzCrxcFCpzUB5Psoe6YvuqfO0cwqTAwgAA; fpc=Ar4h7FBOD6RNjx8fz-5uDKHkfFA2AQAAAHUGK9sOAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'client_id=[client_id]@[realm]' --data-urlencode 'client_secret=[client_secret' --data-urlencode 'resource=00000003-0000-0ff1-ce00-000000000000/[targethost]@realm'

Of course, I've replaced the sensitive data above. But this is an EXACT copy of the curl command from Postman.

When I run the above command in a bash window, I get the following error:

curl: (6) Could not resolve host: accounts.accesscontrol.windows.net

I've tried the PowerShell version from the successful Postman call from a script and that does successfully return an access token. But not all our users have PowerShell, so I think curl would be the only way. I'm able to successfully use nslookup on this host-name and also ping it. Only the curl command seems to fail all the time.

I'd appreciate any guidance/advice on how to make this work in curl. Thanks in advance.

Hi @Rust Shazam
Per my research, you could use the following script to get an access token:

wwwauthenticate=$(curl -i -H "Authorization: Bearer" -s "https://YourTenant.sharepoint.com/_vti_bin/client.svc/" | grep -i "www-authenticate")  # unauthenticated probe; the 401 reply advertises realm and client_id  
bearer_realm=$(echo "$wwwauthenticate" | awk -F"," '{print $1}' | awk -F"=" '{print $2}' | tr -d '"')  # first attribute: realm (tenant id)  
app_id=$(echo "$wwwauthenticate" | awk -F"," '{print $2}' | awk -F"=" '{print $2}' | tr -d '"')  # second attribute: resource app id  
grant_type="grant_type=client_credentials"  
cl_id="client_id=c2xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx@$bearer_realm"  
cl_secret="client_secret=3zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"  
res="resource=$app_id/YourTenant.sharepoint.com@$bearer_realm"  
url="https://accounts.accesscontrol.windows.net/$bearer_realm/tokens/OAuth/2"  
content_type="Content-Type: application/x-www-form-urlencoded"  
access_token=$(curl -X POST -H "$content_type" --data-urlencode "$grant_type" --data-urlencode "$cl_id" --data-urlencode "$cl_secret" --data-urlencode "$res" -s "$url" | awk -F":" '{print $NF}' | tr -d '"}')  # quoted so the header and values are not word-split  
echo "$access_token"  

Here is the link for more details; please refer to the steps:
https://stackoverflow.com/questions/28449299/curl-request-to-microsoft-sharepoint-api
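
The header parsing and token request from the answer above, restructured as an added example (not part of the original answer or of Microsoft's documentation): the client secret is read from the environment and fed to curl on stdin so it does not appear in the process list, and `expires_on` is checked so a new token is requested only when the cached one is about to expire. The names `SP_CLIENT_ID` and `SP_CLIENT_SECRET`, the function names, and the sample header and response are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Only fetch_token touches the network.

# Constructed sample inputs (not captured from a real tenant).
SAMPLE_HEADER="$(printf '%s\r' 'WWW-Authenticate: Bearer realm="11111111-2222-3333-4444-555555555555",client_id="00000003-0000-0ff1-ce00-000000000000",authorization_uri="https://login.example.invalid/authorize"')"
SAMPLE_RESPONSE='{"token_type":"Bearer","expires_in":"3599","expires_on":"1700003600","access_token":"eyJ.constructed.token"}'

# Pull one name="value" attribute out of a WWW-Authenticate: Bearer header.
# Matching by name avoids depending on attribute order; CR is stripped first.
www_auth_field() {  # $1 = header line, $2 = attribute name
  printf '%s' "$1" | tr -d '\r' |
    sed -n "s/.*[ ,]$2=\"\([^\"]*\)\".*/\1/p"
}

# Pull a string member out of a compact, flat JSON object (assumed shape of
# the token response; use a real JSON parser such as jq where available).
json_field() {  # $1 = JSON text, $2 = member name
  printf '%s' "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# True while the token has more than $3 (default 60) seconds left.
token_is_fresh() {  # $1 = expires_on (epoch), $2 = now (epoch), $3 = skew
  [ -n "$1" ] && [ "$(( $1 - ${3:-60} ))" -gt "$2" ]
}

# Request a token. The secret is written by the printf builtin to curl's
# stdin (client_secret@-), so it is never an argument of any process.
fetch_token() {  # $1 = realm, $2 = resource app id, $3 = SharePoint host
  printf '%s' "$SP_CLIENT_SECRET" |
    curl --silent --show-error --fail --max-time 30 \
      --data-urlencode 'grant_type=client_credentials' \
      --data-urlencode "client_id=${SP_CLIENT_ID}@$1" \
      --data-urlencode 'client_secret@-' \
      --data-urlencode "resource=$2/$3@$1" \
      "https://accounts.accesscontrol.windows.net/$1/tokens/OAuth/2"
}

# Offline walk-through on the constructed samples.
demo() {
  realm=$(www_auth_field "$SAMPLE_HEADER" realm)
  app_id=$(www_auth_field "$SAMPLE_HEADER" client_id)
  expires=$(json_field "$SAMPLE_RESPONSE" expires_on)
  echo "realm=$realm app_id=$app_id expires_on=$expires"
  token_is_fresh "$expires" "$(date +%s)" || echo "token expired: call fetch_token"
}
```

Calling `demo` runs the parsing steps without any network access; `fetch_token` needs `SP_CLIENT_ID` and `SP_CLIENT_SECRET` exported first.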


Hi @Rust Shazam
Have you tried the solution I proposed?

If you have any questions or progress, you can contact me in time.

Looking forward to your reply

Have a lucky day!

Thanks,
Raytheon Xie

Hi @Rust Shazam
Would you tell me whether your issue has been resolved, or whether you have any update?
I am looking forward to your reply.

Have a nice day!

Thanks,
Raytheon Xie